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INTERNATIONAL PRELIMINARY international application No. PCT/GB 03/04261 
EXAMINATION REPORT - SEPARATE SHEET __ 

Re Item I 1 
Basis of the report 

I 

The amendments filed with the letter dated 1 5 October 2004 introduce slibject-matter which 
extends beyond the content of the application as filed, contrary to Article 34(2)(b) PCT. 

Amended claim 1 claims that "at least one data processing instruction executed by said 
processor core is a conditional write data processing instruction encoding condition codes 
specifying conditions under which said conditional write data processing Instruction 
will or will not be permitted to write data to effect a change in state of said processor 

core" ' 

The description as filed discloses that "the condition codes encode a set of processor state 
conditions in which the associated instruction either will or will not be executed". 
The description further discloses that a fixed/variable bit exists somewhere in the processor 
core and "the fixed/variable bit at least partially suppresses the conditional behaviour 
in that the instruction will execute irrespective of its condition codes, but may not write 
its result in a way that has an effect upon the processor state". 

Permission to write data in a way that has an effect upon the processor state depends on the 
fixed/variable bit and the condition codes and not only on the condition codes, as claimed. 
Therefore a processor having no fixed/variable bit. in which a write that effects a change in 
state of the processor core depends only on the condition codes encoded in the instruction 
it Is not directly and unambiguously derivable from the original application. 

The report will be established based on the original set of application documents. 
Re Item V 

Reasoned statement with regard to novelty, inventive step or industrial applicability; 
citations and explanations supporting such statement 

The following documents are referred to in this communication; the numbering will be adhered 
to in the rest of the procedure: 

D1- EP-A-1 158 384 (INFINEON TECHNOLOGIES AG) 28 November 2001 (2001-11-28) 
D2: US-A-5 961 633 (JAGGAR DAVID VIVIAN) 5 October 1999 (1999-10-05) 
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^M., D^IMINARY ,™en,a«ona,appli=a«o.No. PCT/GB 03/04261 

SSmS^S-roiiHii — 

PCT). 

..,o..epu.oseo,t.e.o«o«;n,— ^^^^^ 
some conditions are met. 

non.«w«e condHions are met but to a '^^^'^T^^'!'^^^^ - -r^te does not exclude that also 
rr="vreTst^=i:^r .stead o...e ^.e. However 
such a case is not supported by the description. 

aai.Sshou,dexp,«.c^n,then«thod step stating tothe case When the condi«on is no, 
met. 

1.3Theaboveobiection also applies, mu.atisn,utandis,to««co„.spondingappa«.usc^im 

1. 

\. «,^ntionPd lack of clarity notwithstanding, the subject-matter of 

^.a;TrdT.r.:r::rror;L°: 33(3^0^^^ 

33(1) PCT are not met. 

2.1 The document D1 discloses: 

A method o, processing data, ^"'^^^^l^'^, I':!' pr<«^ssing operation, a. leas, 
generating a result data value "P°"j;'=^'™„„^, Ze data processing operation 

rnC^eTrrprrrors^^^^^^ 
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"was this write instruction generated by the blank instmclion 
"nicht nutzbare Register"). 

The subject-matter of claim 9 is therefore not new (Article 33<1) and (2) PCT). 
Since the resunda^^lue^a^^^^^^^^^ 

rw:urd':^:r Tnew rXThe obiecion o, parag^ph 1 wouid be overcome. 
2.2 The above objection applies, mutatismutandis, '°J^'=°^P^"f!^S:!^^ 



^ . 2 a 10-16 do not appear to contain any additional features which, in 

3. Dependent claims 2-8, 1 0 1 b ao noi ,^ requirements of the 

combination with the features of eny <.a^m to ^^^^ 
pnr with resoect to novelty (Article ^^K^) roi; oi invonti ^ ^ ^ 
documents m!D2 and the corresponding passages cited in the search report. 
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ATA i>POr F.SSTNG SYSTEM 
Tlus invention relates to the field Of data processing syst^ 

this invention relates to the masking of process!^ . 
5 for example, in order to increase security. i . 

It is known to provide data processing systems which manipulate sdnire ^ and 
forwhichitisdesirabletoensureaHghdegreeofsecmty.Asanexa«ple,it^«^^^ , 
provide smart cards which include a data processing system which manipulates secure 
date, sudi as secret cryptogn«>hic keys, and this data must be k^^ secret in order to 
10 prevent fraud. 

Knpwnwaysofattackingthesecurityofsuchsystemsincludetiminganal^^^ 
power analysis. By observing the timing behaviour and/or the power consumption 
behaviour of such a system in response to inputs, i^^^ 
bdig p^ormed md tlfe data being m«^ 
15 compromise security. It is strongly advantageous to provide resistance against such 

security attacks. j j 

m>-A-l 158384 discloses a processor pipeline in which randomly selected code 

sequences ^ inserted into the instruction pipeline with the results for those sequences 
being written to registers which dp not change the state of the processor.; 
20 Viewed from one aspect the present invention provides appa^ 

data, said apparatus comprising: 

a processor core operable to execute data processing instructioris to gen^^ 

data values; and 

data processing registers holding data values defining state of said processor c^^ 
25 to which said result data values are written; wherein 

at least one data processing instruction executed by said processor core is a 
conditional write data processing instruction encoding condition codes specifying 
conditions under winch said conditional write data processing instruction will or will not 
be permitted to write data to effect a diange in state of said processor core; and further 
30 comprising 

a trash register to which a result data value may be written instead of a data 
processing register upon execution of said conditional write data proce^ing instruction 
when said condition codes within said conditional write data processing instmction do not 
permit a write to effect a change in state of said processor core. 
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This invention recognises that there is a characteristic power cdrisuz^ 
signature associated with a write to a data processing register and accordingly information 
concerning the data processing being performed iii association with coiiditional wri^ dstta. 
processing operations can be externally observed, i.e. infoimatipn upon whether or not the 
5 conditional write did or did not occvcr. The invention address this problem by providing a 
trash registea: to which a result value (which is preferably the tme value) is written wh«i 
the conditional write data processing operation meets its non-write conditions and a write 
would not otherwise occur. Accordingly, a write to a register whether the true register or 
the trash register, always occurs irrespective of whether or not the write conditions or non- 
10 write conditions are met and thus the security of this system is enhanced. \ . 

The data register to which the write is normally made when the write conditions 
are met is preferably part of a register bank containing a plurality of such registras. In tins 
circumstance, a cominon trash register(s) may be used for dummy writes irrespective of 
how inahy real data registers are provided with^ 
15 Preferably, the trash register is physically located as part of the register bank so as 

to avoid leakage of information by observing which part of a circuit is active at any given 
time. 

It will be appredated that a conditional write operation may be arranged to either 

occur or not occur when particular conditions are met. 
20 It will be appreciated that the normal technical prejudice in tins field is to reduce 

power consumption as much as possible. Accordingly, it would conventionally be 

considered that not performing a register write when a conditional write operation did not. 

require one would be an advantageous feature since it would reduce the amount of power 

consimied. The present technique moves against this technical prejudice in the field by 
25 deliberately performing a trash register write and consuming power even though this is not 

required for the real processing activities of the system. 

In preferred embodimaits of the invention the trash register activity can be 

selectively enabled and disabled depending upon a control signal stored in a system 

configuration register. This allows progranunable activity of the trash register activity 
30 such that power can be saved by disabling this feature when noh secure processing is 

taking place and yet security impiroved when required, such as when handling 

cryptographic keys, decoding passwords etc. 

As mentioned above, whilst the trash register may be physically located within the 

register bank with the normal data registers, in preferred embodiments the trash register is 
35 unmapped to a register number such that it caimot be specified by any program instraction 
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and accordingly is invisible as a register from the programmer's model point of View. The 

trash register is however visible in the sense that its activity can be enable or disabled in 

preferred embodiments by a configuration parameter. 

Viewed from another aspect the present invention provides a method of processing 

5 data, said mediod coinpii^g the stq[>s of: i 

generating result data values upon execution by a processor core of data processing 

instructions, at least one data processing instruction executed being a conditional write 
d^ processing instruction encoding condition codes specifying conditions under which 
said conditional write data processing instruction will or will not be permitted to write data 
10 to effect a chaiige in state of said processor core and wherein 

a result data value is not written to « data processing register holding a data value 
defining state of said processor core when condition codes within said condition write data 
processing instruction do not |>enDait a write to effect a change in state of said processor 
core but is instead written to a trash register. 

Embodiments of the invention will now be described, by way of example only, 
witti reference to the accompanying drawings in which: 

Figure 1 schematically illustrates a data processing system operable in a fixed 
timing mode and a variable timing mode; 

Figure 2 schematically illustrates a conditional programming instruction; 

Figure 3 is a flow diagram schematically iUustrating part of the processing 
operations performed by an instraction decoder operating m accordance with tiie present 
techniques; 

Figure 4 schematically illustrates the execution of a conditional branch instruction 

in a fixed timing mode; 

Figure 5 is a diagram schanatically illustrating a data processing system including 
multiple circuit portions which may be selectively enabled to perform required processing 
operations or duiruny processing operations; 

Figure 6 schematically illustrates a circuit portion and its associated dummy 
activity enabling circuit which may be responsive to botii required enable signals and 
30 random dmnmy activity enable signals; 

Figure 7 schematically illustrates a linear shift back feed register which may be 
used as a pseudo-random signal generator: 



20 



25 
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CLAIMS ■• I' 

•i * • 

■ . . . ■ ■ 1 ■ . • ■ 

1. Apparatus for processing data, said sqpparatuscomi^rising: • . 

a processor core (4) operiable to execute data processing ins^ 
g^erate result data vahies; and 

data processing registers (12) holding data values defining state of sai4 
processor core to wMch said result data values are \mttM^ wherein 

at least one data processing instruction executed by said processor core is a . 
conditional write data processing instruction encoding conditioii codes (26) specifying 
conditions under which said conditional write data processing instruction will or will 
not^e^^ermitted to-wtite data to-efifecta change in state of s^^^ 

fiirther comprising 

a trash register (51) to which a result data value may be written instead of a 
data processing register upon execution of said conditional write data processing 
instruction when said condition codes witiiux said conditional write data processing 
instruction do not permit a write to effect a change in state of said processor core. 

2 Apparatus as claimed m claim 1, comprising a register bank (12) having a 
plurality of data registers to which result data values are written. 

3. Apparatus as claimed in any one ofthe preceding claims, wherein writing to 
said trash register (51) is programmibly disabled by a trash register control ^gnal. 

4. Apparatus as claimed in claim 3, wherein said trash register control signal is 
stored in a system configuration register. 

5. Apparatus as claimed in claim 2, wherein said trash register (5 1) is part of said 
register bank, said trash register being unmapped to a register number such fliat said 
trash register may not be specified by a register specifying operand value. 

6. A method of processing data, said method comprising tiie steps of: 
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generating result data values upon execution by a processor core (4) of data 
processing instructions, at least one data processing instruction executed being a 
conditionai write data processing instruction encoding condition codes (26) specifying 
conditions under which said conditional write data processing instruction will or wiU 
5 \ not be permitted to write data to efTect a change in state of said processor 0^ 
wherein 

a result data value is not written to a data processing register ibiolding a data 
value defiiiing state of said processor core when condition codes within 
write data processing instruction do not permit a write to effect a change in state of . 
10 ^d processor core but is instead written to a trash register (51). 

7. A method as claimed in claim 6, whereiii said data processi^^ . 
of a register bank (12) having a plurality of data registers to which result diate y^ues 
are written. 

15 " .' 

8. A method as claimed in any one of claims 6 and 7, wherein writing to said 
trash register (51) is programmable disabled by a trash register control signal. 

9. A method as claiined in claim 8, wherein said trash register c 
20 stored in a system configuration register. 

10. A method as claimed in claim 7, wherein said dimimy register is part of said 
register bank, said trash register being unmapped to a register nuniber such that said 
trash register may not be specified by a register specifying operand value. 
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